CVE-2025-15513

MEDIUM

WordPress Float Payment Gateway <1.1.9 - Info Disclosure

Title source: llm

Description

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as failed.

References (3)

Core 3

Core References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3444078%40float-gateway&new=3444078%40float-gateway&sfp_email=&sfph_mail=

Product

https://plugins.trac.wordpress.org/browser/float-gateway/tags/1.1.9/index.php#L477

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c7fb39-d128-4285-8bc3-1e192e1e1196?source=cve

Scores

CVSS v3 5.3

EPSS 0.0023

EPSS Percentile 13.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (1)

floattechnologies/Float Payment Gateway < 1.1.9

Published Jan 14, 2026

Tracked Since Feb 18, 2026